A Deep Dive into the Evolution of Ransomware Part 1
This 3-part blog series takes an in-depth look at the evolution of ransomware business models, from the early stages to current trends...
Common Cloud Configuration Errors & Fixes
Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...
In Review: What GPT-3 Taught ChatGPT in a Year
Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3...
Royal Ransomware expands attacks by targeting Linux ESXi servers
Ransomware actors have been observed expanding their targets by increasingly developing Linux-based versions of their malware. Royal ransomware is following the same path: a new variant targeting Linux systems has emerged, and in this blog we provide a technical analysis of it...
Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North...
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023...
MLOps Security Best Practices
MLOps provides a systematic approach to evaluating and monitoring ML models. Discover the various security concerns associated with MLOps and learn the best practices for using it securely...
Lower Data Breach Insurance Costs with These Tips
The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack...
5 Cloud Security Challenges Solved by CNAPP
Configuration errors are a major cause of cloud security challenges for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...
OT Cybersecurity Plan to Prevent the 5Ds
Outline a cybersecurity plan to protect your operational technology network by studying the five techniques adversaries use to target them...
Guide to Container Management on AWS
This article explores how services provided by Amazon Web Services enable better container management with simplicity, flexibility, and complete control...
Ransomware Revolution: 4 Types of Cyber Risks in 2023
The ransomware business model is poised to change. These four predictions could help to keep your organization secure from new forms of cyber extortion...
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures...
Earth Zhulong: Familiar Patterns Target Vietnam
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Vietnam's telecom, technology, and media sectors in a manner similar to another well-known threat actor. In this article, we unravel the new tactics, techniques, and procedures they apply in their operations...
Earth Zhulong: Familiar Patterns Target Southeast Asian Firms
In 2022, we discovered Earth Zhulong, a hacking group that has been targeting Asian firms in a manner similar to another well-known threat actor. In this article, we unravel the new tactics, techniques, and procedures they apply in their operations...
Transport Layer Security (TLS): Issues & Protocol
Although Transport Layer Security (TLS) provides enhanced security, cybercriminals have become increasingly savvy, finding ways to circumvent many of these protections. Learn how malicious actors exploit weaknesses in TLS deployments to introduce new forms of malware...
A Cybersecurity Risk Assessment Guide for Leaders
Cybersecurity risk assessment provides the continuous asset detection, analysis, prioritization, and risk scoring needed to keep pace with a continuously growing digital attack surface...
Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk
In this investigation, we analyzed several prominent "passive income" applications and found out that there may be security risks upon participating in these programs...
Cloud-ready and Channel-first
Trend Micro named one of 2023’s coolest cloud security companies...
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from bank and finance apps. Analyzing the...
6 Ransomware Trends & Evolutions For 2023
In the era of digital transformation, ransomware groups are adapting to changing technology. The next evolution of ransomware could begin with these trends...
Research Exposes Azure Serverless Security Blind Spots
Simulation uncovers hidden features and urges greater user awareness...
What SOCs Need to Know About Water Dybbuk, A BEC Actor Using Open-Source Toolkits
We analyze a BEC campaign targeting large companies around the world that was leveraging open-source tools to stay under the radar...
New APT34 Malware Targets The Middle East
We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers...
Monthly Threat Webinar Series in 2023: What to Expect
Stay informed and stay ahead...
Attack Vector vs Attack Surface: The Subtle Difference
To establish a better security posture, you must address vulnerabilities in your attack vectors and surfaces. While these terms are similar, they’re not the same. This article explores key differences between the two, helping you make your system more secure...
Cyber Security Managed Services 101
MSP partnerships are growing in line with rapid cloud migration and the evolving threat landscape. Discover how an MSP can help your business and tips for making an informed partner decision...
Cybersecurity Posture & Insurance Outlook with Advisen
Trend Micro’s Eric Skinner, and Advisen, an insurance data and analytics company, discuss the current threat landscape, cyber risk management, and how vendors and cyber insurers can champion enhanced cybersecurity posture...
New Mimic Ransomware Abuses Everything APIs for its Encryption Process
Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage...
Dependency Mapping for DevSecOps
Discover the importance of dependency mapping and best practices for successful dependency management...
Attacking The Supply Chain: Developer
In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated development environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when th...
Ransomware Recovery Plan for 2023
It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy...
Vice Society Ransomware Group Targets Manufacturing Companies
In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry...
TLS Connection Cryptographic Protocol Vulnerabilities
TLS is the backbone of encryption and key to ensuring data integrity, but its misconfiguration can leave your system vulnerable. Read on to discover how to secure your TLS connection and arm your organization against malicious attacks...
What is Business Attack Surface Management?
Explore how businesses can make internal and external attack surface management (ASM) actionable...
“Payzero” Scams and The Evolution of Asset Theft in Web3
In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”...
Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events. Water Minyades is the intrusion set we track behind the creation of Batloader...
Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Middle East and North Africa...
Cyber Hygiene: How to get buy-in from employees
Good cyber hygiene starts with buy-in across the enterprise. Discover how CISOs can establish a company-wide security culture to reduce risk...
Abusing a GitHub Codespaces Feature For Malware Delivery
Proof of Concept (POC): We investigate one of the GitHub Codespaces' real-time code development and collaboration features that attackers can abuse for cloud-based trusted malware delivery. Once exploited, malicious actors can abuse legitimate GitHub accounts to create a malware file server...
4 Predictions for Cyber Insurance Requirements 2023
As the threat landscape evolves and the cost of data breaches increase, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2023...
An in-depth HTTP Strict Transport Security Tutorial
HSTS is an Internet standard and policy that tells the browser to only interact with a website over a secure HTTPS connection. Check out this article to learn how to strengthen the security of your website and your customers' data, and the security benefits you'll gain from doing so...
What is Red Teaming & How it Benefits Orgs
Running real-world attack simulations can help improve organizations' cybersecurity resilience...
Gootkit Loader Actively Targets Australian Healthcare Industry
We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player...
Why Data Hygiene is Key to Industrial Cybersecurity
How can highly distributed organizations with complex, integrated supply chains defend against cyber threats? By practicing good data hygiene based on zero-trust principles...
Dridex Returns, Targets MacOS Using New Entry Method
The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users...
Improving Software Supply Chain Security
Explore use cases and mitigation strategies to improve software supply chain security and reduce cyber risk...
CISO's Challenges Involved with Business Leader & SOC
Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs face within organizations driving industrial IoT...
IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
We analyze the latest changes in the IcedID botnet from a campaign that abuses Google pay-per-click (PPC) ads to distribute IcedID via malvertising attacks...